Cybersecurity Roadmap For Beginners | Beginner Cybersecurity Roadmap to Start Your Career 2025

[00:00:00] Loads of like really, really good roadmaps on your channel that have shared how to get in, how to get your first jobs in various roles. So what are those key steps to the path that you'd recommend today?

[00:00:17] Yeah, look, I think that's sort of the best or like the best way, in my opinion, doesn't exist. Like you said earlier, Caleb, there's so many ways to achieving that goal. But in my opinion, if you're someone who's like, you've never worked in this field a day in your life, so you probably have an idea of what that field might look like.

[00:00:38] Or maybe you have, you know, you prefer one of the like you want to be an ethical hacker or you want to do digital forensics or maybe GRC. In my opinion, if you're brand new, you haven't done anything. The first step is to just keep an open mind and just try to get your foot in the door.

[00:00:56] So step number one, just accept that it doesn't really matter what the first job might be. Your goal or the most important thing is to try and get experience. So get your foot in the door.

[00:01:08] So in my view, if you know nothing, I think like something like, I don't know, the Google cybersecurity cert or even like a security plus, which I'm not a fan of, but something broad and general that just explains to you what cybersecurity is.

[00:01:20] So that should be like your first call of action. Now, if someone has done an entire degree in cybersecurity and again, criteria, that degree is good because, you know, degrees are different.

[00:01:32] It's not just one thing. Let's say, let's assume that someone has done a really good bachelor degree in cybersecurity.

[00:01:37] They can possibly skip that first step so they don't need to do a broad training in cybersecurity.

[00:01:42] But if someone hasn't done that, then yeah, something like the Google cybersecurity cert, security plus or both would be a good start in my opinion.

[00:01:49] And then the way I would approach it is take a generalist approach.

[00:01:55] So try to learn one thing from each area. However, don't fall into the trap of staying in that entry level land.

[00:02:03] For example, like the Google cybersecurity cert and security plus, those are entry level.

[00:02:08] Let's say I've got a course called GRC mastery. Again, it will introduce you to the world of GRC.

[00:02:13] It will give you the skills that we need for GRC jobs.

[00:02:15] So now you've got like more of a broad range of skills.

[00:02:19] I think the next step should be to pick something that's intermediate level, that's hands-on, but also a little bit challenging.

[00:02:26] So pick a platform. It doesn't matter which one.

[00:02:29] Let's say you pick TryHackMe or HackTheBox or whichever.

[00:02:32] Pick something and, in my view, focus on the blue team side of things.

[00:02:36] Defensive skills, skills that will get you in a security operation center, like even something like Let's Defend is fantastic or Cyber Defenders.

[00:02:44] All of these platforms are great because they give you hands-on practical skills.

[00:02:49] Having these skills, let's say you have a SOC analyst skills, you have GRC skills, and you have broad knowledge.

[00:02:54] In my opinion, this will give you an excellent leg up into landing your first cybersecurity job.

[00:03:01] I think the common mistakes that happen is people, and I see CVs and emails and comments almost every day.

[00:03:08] They'll be like, it's really hard to land a cybersecurity job.

[00:03:11] I'm like, what have you done?

[00:03:12] It's like, I've done come to your A-plus network plus security.

[00:03:14] I'm like, well, fantastic.

[00:03:15] So you haven't done anything?

[00:03:16] You're just really just stopping.

[00:03:18] Or they'll be like, I've done Google Cyber Analyst and Microsoft Analyst and then Secure Plus.

[00:03:22] I'm like, okay, so you've done step number one.

[00:03:24] Like, what's stopping you?

[00:03:25] He's like, it's hard.

[00:03:27] I'm like, so what is hard?

[00:03:28] Like, what have you done?

[00:03:28] You've just studied something, and you haven't even applied to a single job.

[00:03:32] So in my opinion, just don't stay too long in that beginner land.

[00:03:37] Like, do something challenging.

[00:03:38] Do more than one challenging course.

[00:03:40] And I think the second thing and the second sinister thing is sometimes people are so afraid of rejection.

[00:03:46] They apply to one or two jobs.

[00:03:48] They get rejected or something.

[00:03:50] Maybe the company didn't reply to them.

[00:03:52] But unfortunately, they start to make conclusions from that rejection.

[00:03:58] They start to conclude, okay, I got rejected.

[00:04:01] Therefore, the market is really bad.

[00:04:03] Or, oh my God, one company rejected me.

[00:04:05] Then cybersecurity is not entry level.

[00:04:07] Then they go to Reddit, and they read garbage posts about how, you know, the field is doomed and gloomed.

[00:04:13] And, you know, there is no hope.

[00:04:15] So I think we, no one likes to get rejected.

[00:04:18] I hate being rejected.

[00:04:19] But it's just, you know, you got to play the numbers game.

[00:04:21] We all get rejected.

[00:04:23] So again, the second mistake I see is they only apply to one or two jobs, and then they give up.

[00:04:27] In fact, if it was me, I would apply to jobs every single day and just get used to being rejected.

[00:04:34] And I'd like to give this example.

[00:04:36] Compare two candidates.

[00:04:37] One has applied to three jobs, whilst the other person have applied to 300 jobs.

[00:04:43] Which one has a higher likelihood of landing an interview and landing a job?

[00:04:47] I think, like, the answer is really obvious in that one.

[00:04:50] So I think this is a rough plan.

[00:04:51] And like you said, I've got this same plan in so much detail in my videos.

[00:04:57] So I think that's what I would personally do.

[00:05:01] And this has been proven time and time again.

[00:05:03] I do get, you know, comments on my YouTube videos.

[00:05:07] I get messages on Discord of individuals from all over the world who have followed these plans

[00:05:12] and have successfully landed their first cybersecurity jobs.

[00:05:16] Which is an ultimate proof to anyone who says, you know, it's impossible to land the job.

[00:05:21] Absolutely wrong.

[00:05:22] It's definitely possible.

[00:05:24] It happens every single day.

[00:05:26] Amazing.

[00:05:27] And that's an incredible path that you've laid out for anyone trying to get their first role.

[00:05:34] One of the things I really like that you said is comparing the difference between the two people.

[00:05:40] One of them with three jobs.

[00:05:42] One of them who has applied to over 300.

[00:05:45] 100.

[00:05:45] I think a lot of the times people searching for roles are not searching with the same hunger as some people do.

[00:05:55] People talk about, there's one thing that I can't remember who told me this, but someone said that if you're looking for a nine to five and you don't have a nine to five,

[00:06:05] your nine to five should be looking for a nine to five.

[00:06:09] And so the time you're not working and looking for that role, your job, your one job should be applying to roles every day, tailoring your CV to numerous roles and really just grinding and going for that.

[00:06:24] And of course, this is when you're at the point where, you know, you've got the skills ready for the roles that you're applying for.

[00:06:31] And if you aren't applying with that same hunger as others are, your chances are so much lower than they should be.

[00:06:43] So that's a great analogy.